Listing of the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the application: 

1. (Currently Amended) A method for authorizing a command from a user received at a
network device separate and distinct from an Authentication, Authorization, and Accounting 
(AAA) server, the method including: 

establishing an access control protocol RADIUS session with the user; 

receiving a user profile for the user at the network device from a AAA server, the user 
profile containing information regarding which commands the user is authorized to execute, the 
information including a command set described by regular expressions; 

storing the user profile in a memory accessible by the network device; 

receiving the command from the user; 

comparing the command to said command set contained in said user profile; and 

[[determining whether the command is authorized based on the information in the user
profile stored in the memory; and]]

authorizing the command if the command is contained in said command set [[or rejecting
the command in response to said determining]].

2. (Original) The method of claim 1, wherein the network device is a Network Access 
Server (NAS). 

3. (Currently Amended) The method of claim 1, further including purging said user profile 
from said memory when said access control protocol RADIUS session is terminated. 

4. (Currently Amended) The method of claim 1, wherein said access control protocol
session is a RADIUS session [[determining includes comparing said command to a command set
contained in said user profile and said authorizing includes authorizing the command if it is
contained in said command set]].

5. (Currently Amended) The method of claim 1 [[4]], wherein said command set is a list of
previously authorized commands. 

6. (Currently Amended) The method of claim 1 [[4]], wherein said command set is described
by regular expressions. 

7. (Currently Amended) An apparatus for authorizing a command from a user received at a 
network device separate and distinct from an Authentication, Authorization, and Accounting 
(AAA) server, the apparatus including: 

a RADIUS session initiator; 

a user profile receiver coupled to said RADIUS session initiator and coupled to a AAA
server;

a memory containing a user profile having a command set;

a user profile storer coupled to said user profile receiver and said memory; 

a command receiver; 

a command set comparer coupled to said memory and to said command receiver [[an
authorized command determiner coupled to said command receiver and to said memory]]; and

a command authorizer coupled to said command set comparer [[authorized command
determiner]].

8. (Original) The apparatus of claim 7, wherein the network device is a Network Access
Server (NAS). 

9. (Original) The apparatus of claim 7, further including a user profile purger coupled to 
said memory. 

10. (Canceled) 

11. (Currently Amended) The apparatus of claim 7 [[10]], wherein said command set is a list of
previously authorized commands. 

12. (Currently Amended) The apparatus of claim 7 [[10]], wherein said command set is
described by regular expressions. 

13. (Currently Amended) An apparatus for authorizing a command from a user received at a 
network device separate and distinct from an Authentication, Authorization, and Accounting 
(AAA) server, the method including: 

means for establishing an access control protocol RADIUS session with the user; 

means for receiving a user profile for the user at the network device from a AAA server, 
the user profile containing information regarding which commands the user is authorized to 
execute, the information including a command set described by regular expressions; 

means for storing the user profile in a memory accessible by the network device; 

means for receiving the command from the user; 

means for comparing the command to said command set contained in said user profile
[[determining whether the command is authorized based on the information in the user profile
stored in the memory]]; and

means for authorizing the command if the command is contained in said command set [[or
rejecting the command in response to said determining]].

14. (Original) The apparatus of claim 13, wherein the network device is a Network Access 
Server (NAS). 

15. (Currently Amended) The apparatus of claim 13, further including means for purging 
said user profile from said memory when said access control protocol RADIUS session is 
terminated. 

16. (Currently Amended) The apparatus of claim 13, wherein said access control protocol
session is a RADIUS session [[means for determining includes means for comparing said
command to a command set contained in said user profile and said means for authorizing
includes means for authorizing the command if it is contained in said command set]].

17. (Currently Amended) The apparatus of claim 13 [[16]], wherein said command set is a list
of authorized commands. 

18. (Currently Amended) The apparatus of claim 13 [[16]], wherein said command set is
described by regular expressions. 

19. (Currently Amended) A program storage device readable by a machine, tangibly
embodying a program of instructions executable by the machine to perform a method for 
authorizing a command from a user received at a network device separate and distinct from an 
Authentication, Authorization, and Accounting (AAA) server, the method including: 

establishing an access control protocol RADIUS session with the user;

receiving a user profile for the user at the network device from a AAA server, the user 
profile containing information regarding which commands the user is authorized to execute, the 
information including a command set described by regular expressions; 

storing the user profile in a memory accessible by the network device; 

receiving the command from the user; 

comparing the command to said command set contained in said user profile; and 

[[determining whether the command is authorized based on the information in the user
profile stored in the memory; and]]

authorizing the command if the command is contained in said command set [[or rejecting
the command in response to said determining]].
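
An illustrative sketch of the method recited in claims 1, 3 and 19, added here and not part of the application or any implementation by the applicant: the network device stores the command set received from the AAA server, checks each command locally against it, and purges the profile when the session ends. The class name, session identifiers and sample patterns are assumptions; the claims do not specify how the profile is encoded in RADIUS, so the sketch takes it as an already-decoded list of pattern strings.

```python
import re


class CommandAuthorizer:
    """Per-session command authorization on the network device (hypothetical class)."""

    def __init__(self):
        # session id -> compiled command-set patterns (the stored user profile)
        self._profiles = {}

    def store_profile(self, session_id, command_set):
        # The profile arrives once from the AAA server at session start.
        # Compiling here makes a malformed pattern fail at store time
        # (re.error) instead of at command time.
        self._profiles[session_id] = [re.compile(p) for p in command_set]

    def authorize(self, session_id, command):
        patterns = self._profiles.get(session_id)
        if patterns is None:
            return False  # no stored profile for this session: default deny
        # Collapse whitespace so spacing variants compare equal.
        normalized = " ".join(command.split())
        # fullmatch, not match/search: the entire command must be described
        # by a pattern, so an authorized prefix cannot carry extra arguments.
        return any(p.fullmatch(normalized) for p in patterns)

    def purge(self, session_id):
        # Claim 3: drop the profile when the RADIUS session terminates.
        self._profiles.pop(session_id, None)


# Constructed sample profile (assumption, not taken from the claims).
SAMPLE_COMMAND_SET = [
    r"show (version|ip route|interfaces( \S+)?)",
    r"ping \d{1,3}(\.\d{1,3}){3}",
]

if __name__ == "__main__":
    authz = CommandAuthorizer()
    authz.store_profile("sess-1", SAMPLE_COMMAND_SET)
    for cmd in ("show version", "show version detail", "configure terminal"):
        print(cmd, "->", "authorized" if authz.authorize("sess-1", cmd) else "rejected")
    authz.purge("sess-1")
    print("after purge:", authz.authorize("sess-1", "show version"))
```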